noamsh Absent Member.
Absent Member.
286 views

How to remove\revoke a specific set of Entitlements


Hi everyone,
I know this question has been asked here for a couple of times before
but i havent seen any clear simple awnser.
I've got the Entitlements Service impemented in my organization.
Everything is just fine.

Well, there is an couple of Entitlements called "Permission" that im
intrested to Revoke(/Remove) when user is leaving the organization via a
Driver (although the entitlement was given by WF. the reason is that via
driver its less complicated..) [the entilement looks like that -
DirXML-EntitlementRef
cn=Permission,cn=ERP,cn=DriverSet,o=icc-il#1#<ref><src>AF</src><id>cd176f1674f04a0ea8a2dabde98e8720:e6aa4f04d44d4b66aecc3034267f2274</id><param>XXCAL_HR_OLM_SELF_SERVICE@OTA</param></ref>
]

Well, for now, when a user is supposed to leave - the following action
via the driver is running on it:
<do-for-each>
<arg-node-set>
<token-entitlement name="Permission"/>
</arg-node-set>
<arg-actions>
<do-remove-dest-attr-value name="ENT">
<arg-value type="string">
<token-local-variable
name="current-node"/>
</arg-value>
</do-remove-dest-attr-value>
</arg-actions>
</do-for-each>
The action which supposed to run after the ENT is revoked is running
and its okay but the only wrong thing is that the entitlement stays with
the #1# (Ent Enabled).
the only final thing we need it a simple action right after the
previous action to set the entitlement Disabled (#0#).

What action can be entered? (there is no "Remove Entitlement" or
somthing simple..)

THanks a LOT guys you are greate!!!


--
noamsh
------------------------------------------------------------------------
noamsh's Profile: http://forums.novell.com/member.php?userid=109588
View this thread: http://forums.novell.com/showthread.php?t=449430

Labels (1)
0 Likes
1 Reply
Knowledge Partner
Knowledge Partner

Re: How to remove\revoke a specific set of Entitlements


noamsh;2160188 Wrote:
> Hi everyone,
> I know this question has been asked here for a couple of times before
> but i havent seen any clear simple awnser.
> I've got the Entitlements Service impemented in my organization.
> Everything is just fine.
>
> Well, there is an couple of Entitlements called "Permission" that im
> intrested to Revoke(/Remove) when user is leaving the organization via a
> Driver (although the entitlement was given by WF. the reason is that via
> driver its less complicated..) [the entilement looks like that -
> DirXML-EntitlementRef
> cn=Permission,cn=ERP,cn=DriverSet,o=icc-il#1#<ref><src>AF</src><id>cd176f1674f04a0ea8a2dabde98e8720:e6aa4f04d44d4b66aecc3034267f2274</id><param>XXCAL_HR_OLM_SELF_SERVICE@OTA</param></ref>
> ]
>
> Well, for now, when a user is supposed to leave - the following action
> via the driver is running on it:
> <do-for-each>
> <arg-node-set>
> <token-entitlement name="Permission"/>
> </arg-node-set>
> <arg-actions>
> <do-remove-dest-attr-value name="ENT">
> <arg-value type="string">
> <token-local-variable
> name="current-node"/>
> </arg-value>
> </do-remove-dest-attr-value>
> </arg-actions>
> </do-for-each>
> The action which supposed to run after the ENT is revoked is running
> and its okay but the only wrong thing is that the entitlement stays with
> the #1# (Ent Enabled).
> the only final thing we need it a simple action right after the
> previous action to set the entitlement Disabled (#0#).
>
> What action can be entered? (there is no "Remove Entitlement" or
> somthing simple..)
>
> THanks a LOT guys you are greate!!!


It HAS been answered, the best?recommended approach for your situation
is to use a workflow to remove the entitlement.

Create a workflow with auto approval, that revokes this entitlement.
Call this workflow from policy when you want to revoke the
entitlement.

See for an example 'Ldapwiki: Removing Novell Granted Entitlements'
(http://ldapwiki.willeke.com/wiki/Removing%20Novell%20Granted%20Entitlements)


--
alexmchugh
------------------------------------------------------------------------
alexmchugh's Profile: http://forums.novell.com/member.php?userid=40344
View this thread: http://forums.novell.com/showthread.php?t=449430

Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.